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DETAILED ACTION 

The instant application having Application No. 10/577857 filed on 4-28-06 is 
presented for examination by the examiner. 



Priority 

Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 
1 19(a)-(d). The certified copy has been received. 



Specification 

The abstract of the disclosure is objected to because it exceeds the maximum 

number of words. Correction is required. See MPEP § 608.01(b). 

Applicant is reminded of the proper language and format for an abstract of the 
disclosure. 

The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 150 words. It is important that 
the abstract not exceed 150 words in length since the space provided for the abstract 
on the computer tape used by the printer is limited. The form and legal phraseology 
often used in patent claims, such as "means" and "said," should be avoided. The 
abstract should describe the disclosure sufficiently to assist readers in deciding whether 
there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information 
given in the title. It should avoid using phrases which can be implied, such as, "The 
disclosure concerns," "The disclosure defined by this invention," "The disclosure 
describes," etc. 



Claim Objections 

Claims 1 is objected to because of the following informalities: 
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Examiner assumes this is the said security 



Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1 4, 18, and 19 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

Regarding claim 1 , each step of the method references which entity is performing 
that step except the step of generation. It is not definitive what is performing the 
generation of the cryptogram. 

Regarding claims 4, 18, and 19, the phrase "card type" renders the claim(s) 
indefinite because the claim(s) include(s) elements not actually disclosed (those 
encompassed by "or the like" synonymous with "type"), thereby rendering the scope of 
the claim(s) unascertainable. See MPEP § 2173.05(d). 



Application/Control Number: 10/577,857 
Art Unit: 2131 



Page 4 



Double Patenting 

The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims 
are not identical, but at least one examined application claim is not patentably distinct 
from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 
USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, All 
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1 .321 (c) or 1 .321 (d) 
may be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent either is shown to 
be commonly owned with this application, or claims an invention made as a result of 
activities undertaken within the scope of a joint research agreement. 

Effective January 1 , 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 



Claims 1 -6, 8-11,1 3, and 1 6-1 8 are provisionally rejected on the ground of 
nonstatutory obviousness-type double patenting as being unpatentable over claims 21- 
26, 29, 32, 33, and 36-40 of copending Application No. 10/577158. Although the 



conflicting claims are not identical, they are not patentably distinct from each other 
because each set forth the same method as below. 



Instant Application 10/577,857 


Copending Application 10/577,158 


Claim 1 

An authentication method of at least one 
application working in a equipment 
connected by a network to a control 
server, said equipment being locally 
connected to a security module, said 


Claim 21 

Method for managing the security of 
applications with a security module 
functioning in an equipment connected to 
a network, said network being managed by 
a control server of an operator, said 
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application being at least one of loaded 
loadable and executable via an application 
execution environment of the equipment 
and being adapted to use resources stored 
in the security module, the method 
comprising: 

reception by the control server, via the 
network, of data comprising at least the 
identifier of the equipment and the 
identifier of the security module, 



analysis and verification by the control 
server of said data, 

generation of a cryptogram comprising a 
digest of the application and, data 

identifying the equipment and the 
security module and instructions 
intended for said module, 

transmission of said cryptogram, via the 
network and the equipment, to the security 
module, and 

verification of the application by comparing 

the digest extracted from the cryptogram 

received with a digest determined by the 

security module, 

wherein, during at least one of 

initialization and activation of the 

application, 



the security module executes the 
instructions extracted from the cryptogram 
and at least one of 

releases and blocks access to certain 
resources 



applications using resources as data or 
functions stored in a security module 
locally connected to said equipment, 
comprising the following preliminary steps: 



reception of data comprising at least the 
type and software version of the 
equipment 

and the identity of the security module, via 
the network, by the control server, 

analysis and verification by the control 
server of said data, 

generation of a cryptogram from the result 
of the verification of said data, and 



transmission of said cryptogram, via the 
network and the equipment, to the security 
module, 

said method further comprises steps 
wherein the security module analyses the 
received cryptogram and 

activates, respectively deactivates the 
resources as data or functions used by 
at least one application installed in the 
equipment, 



said cryptogram comprising the 
instructions conditioning the functioning of 
the application according to criteria 
established by the supplier of said 
application and/or the operator and/or the 
user of the equipment. 
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of said security module according to a 
result of the verification suited to this 

application carried out previously. 

Examiner contends that "releases and blocks access" is an obvious equivalence 
to "activates and deactivates". Claims 2-6, 8-11, 13, and 16-18 are virtually identical to 
claims 22-26, 29, 32, 33, and 36-40 of the copending application are likewise 
provisionally rejected. 

This is a provisional obviousness-type double patenting rejection because the 
conflicting claims have not in fact been patented. 



Claim Rejections - 35 USC § 102 

(e) the invention was described in (1 ) an application for patent, published under section 1 22(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



Claims 17 and 18 are rejected under 35 U.S.C. 102(e) as being anticipated by 
USP Application Publication 2003/01 14144 to Minemura. 
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As per claim 17, Minemura teaches a security module [authentication module] 
comprising resources intended to be accessed locally by at least one application 
installed in an equipment [terminal] connected to a network (see abstract), 

said equipment including means for reading and transmitting data including at 
least an identifier of the equipment and an identifier of the security module, said module 
further comprising means for reception, storage, and analysis of a cryptogram (Figure 6) 
containing among other data, a digest of said application (0193) and instructions (0125), 

means for verification of said application (0192), and 
means for extraction and execution of the instructions contained in the cryptogram, for 
at least one of blocking certain resources according to the result of the verification of the 
application (0085-0089). 

As per claim 18, Minemura teaches the security module [IC] is at least one being 
of the "subscriber module" and " SIM card" type intended to be connected to a mobile 
equipment (0013). 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set 
forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth 
in section 1 02 of this title, if the differences between the subject matter sought to be patented and the 
prior art are such that the subject matter as a whole would have been obvious at the time the invention 
was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability 
shall not be negatived by the manner in which the invention was made. 
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Claims 1 -1 1 and 1 3-1 9 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over USP Application Publication 2003/01 14144 to Minemura. 

As per claim 1 Minemura teaches an authentication method of at least one 
application working in a equipment [terminal] connected by a network to a control server 
[server/service company], said equipment being locally connected to a security module 
[authentication module], said application being at least one of loaded loadable and 
executable via an application execution environment of the equipment and being 
adapted to use resources stored in the security module, the method comprising (see 
abstract): 

reception by the control server, via the network, of data comprising at least the 

identifier of the equipment and the identifier of the security module (0192-0193), 

analysis and verification by the control server of said data (0192), 

generation of a cryptogram comprising a digest of the application (0084-0085 and Fig. 

6), data identifying [unique information] the equipment and the security module 

[identifier] and instructions intended for said module (0125), 

transmission of said cryptogram, via the network and the equipment, to the security 

module (0085), and 

verification of the application by comparing the digest extracted from the cryptogram 
received with a digest determined by the security module (0085), 
wherein, during at least one of initialization and activation of the application, the security 
module executes the instructions extracted from the cryptogram and at least one of 
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releases and blocks access to certain resources of said security module according to a 
result of the verification suited to this application carried out previously (0085). In one of 
the first of many embodiments Minemura teaches that a server downloads the 
application and authentication information (the hash of the application) to the terminal 
device (0085). In a later embodiment, Minemura teaches that the terminal and its 
authentication module must first authentication itself to the server before the server will 
initiate any data transfer (0192). Furthermore Minemura teaches that the authentication 
module must and is thereby authenticated with the terminal device which is 
authenticated by the server. So there is authentication between all three entities. 
Minemura explicitly teaches that the terminal device and authentication module can be 
identified by unique information i.e. production number, unit type number, identifier 
stored in ROM, and version number. Even though Minemura does not explicitly teach 
that the cryptogram sent for module includes this identifying data when the digest is 
sent, one of ordinary skill in the art would further use identifying material to thwart a 
malicious sender from deceiving the terminal. Minemura uses this information for 
authentication purposes between the authentication module and the terminal device. 
Therefore it would have been obvious to one of ordinary skill in the art at the time of the 
invention to include the identifying information of the terminal [equipment] and 
authentication module [security module] when the digest is sent from the server to the 
device to prevent a man-in-the-middle attack whereby a false server sends a malicious 
data. Once the terminal authenticates itself by providing unique identifying information, 
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the server can include this information in encrypted form back to the terminal to prove 
the server is in fact the server to which the terminal intended to communicate with. 

As per claim 2, Minemura teaches the equipment is a mobile equipment of 
mobile telephony (0013). 

As per claim 3, Minemura teaches the network is a mobile network of at least one 
of the type GSM or GPRS or UMTS (0013). It is notoriously well known that cell phones 
use these types of networks to communicate. 

As per claim 4, Minemura teaches the security module is a subscriber module 
inserted into the mobile equipment of mobile telephony of the SIM card type (001 3). 

As per claim 5, Minemura teaches the identification of at least one of the set 
mobile equipment and subscriber module is carried out from the identifier of the mobile 
equipment and from the identifier of the subscriber module suited to a subscriber to the 
network (0193). 

As per claim 6, Minemura teaches the instructions included in the cryptogram 
received by the security module condition the use of the applications according to 
criteria established previously by at least one of the operator, the application supplier, 
and the user of the equipment (01 25, 0141). 

As per claim 7, Minemura teaches the criteria define limits of use of an 
application according to the risks associated with at least one of the software of said 
application and with the hardware of the equipment that the operator desires to take into 
account (0125, 0141 and solves the problem of 0008). 
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As per claim 8, Minemura teaches the verification of the application with the 
cryptogram is carried out at the time of at least one of the first initialization and the first 
use of said application (0210). 

As per claim 9, Minemura teaches the verification of the application with the 
cryptogram is periodically carried out at a given rate [expiry rate] according to 
instructions originating from the control server (0143-0144). 

As per claim 10, Minemura teaches the verification of the application with the 
cryptogram is carried out at the time of each initialization of said application on the 
equipment (0144). 

As per claim 1 1 , Minemura teaches the cryptogram is generated with the aid of 
an asymmetrical or symmetrical encryption key from a data set (0199) containing, 
among other data, the identifier of the equipment, the identifier of the security module, 
an identifier of the application (0141 ), the digest of the application calculated with an 
unidirectional hash function and identifiers of the resources of the security module and 
instructions for locking/releasing of resources of the security module (01 91 ). 

As per claim 13, Minemura teaches the security module transmits to the control 
server, via the equipment and the network, a confirmation message when said security 
module has accepted or refused a cryptogram of an application (0087, provision of 
service). 

As per claim 14, Minemura teaches the cryptogram is transmitted to the security 
module at the same time as the application is loaded into the equipment via the 
execution environment of the applications (0210). 
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As per claim 15, Minemura teaches the application, once loaded into the 
equipment from the control server via the network, requests a cryptogram from the 
server at the time of its initialization and transmits said cryptogram to the security 
module (0089), the confirmation message of acceptance or refusal of the cryptogram 
being transmitted by the security module to the server via the application (0210). 

As per claim 1 6, Minemura teaches the equipment is a Pay-TV decoder or a 
computer to which the security module is connected (0078). 

As per claim 19, Minemura teaches the security module is a subscriber module 
[IC] inserted into the mobile equipment of mobile telephony of the SIM card type (0013). 

Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Minemura in view of USP Application Publication 2002/0012433 to Haverinen et al, 
hereinafter Haverinen. 

As per claim 12, Minemura is silent in disclosing a predictable variable in the 
cryptogram. Minemura does teach using a random number to prevent replay attacks 
(0192). Haverinen teaches that timestamps can be used as a substitute to random 
number in authentication to prevent replay attacks. Therefore it would have been 
obvious to one of ordinary skill in the art at the time of the invention to use the 
timestamps in the cryptograms as a means to prevent malicious replay attacks by a 
third party. Timestamps are a known to be an adequate method of performing the same 
function of a random number in the art of computer security. 
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Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

JP 2002-152196 discloses a base station authenticates the portable device using the 
public and the secret keys of the device and determines whether the program has a 
corresponding source origin, based on the hash value confirmation result. 
Using the public key, the base station authenticates the program if it has the 
corresponding origin. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am 
- 5:00pm, EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
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more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/M. R. V./ 

Examiner, Art Unit 2131 
/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2131 



